Cassandra Structured Storage System over a P2P Network Avinash Lakshman, Prashant Malik, Karthik Ranganathan
Why Cassandra? • Lots of data – Copies of messages, reverse indices of messages, per user data. • Many incoming requests resulting in a lot of random reads and random writes. • No existing production ready solutions in the market meet these requirements.
Design Goals • High availability • Eventual consistency – trade-off strong consistency in favor of high availability • Incremental scalability • Optimistic Replication • “Knobs” to tune tradeoffs between consistency, durability and latency • Low total cost of ownership • Minimal administration
Data Model Columns are added and ColumnFamily1 Name : MailList Type : Simple So mod rt : N ifie am d e KEY Name : tid1 Name : tid2 Name : tid3 dynName : tid4 amically Value : <Binary> Value : <Binary> Value : <Binary> Value : <Binary> TimeStamp : t1 TimeStamp : t2 TimeStamp : t3 TimeStamp : t4 ColumnFamily2 Name : WordList Type : Super Sort : Time Column Families Name : aloha Name : dude are declared C1 C2 C3 C4 C2 C6 upfront SuperColumns V1 V2 V3 V4 V2 V6 T1 T2 T3 T4 T2 T6 are added and modified Columns are dynamically added and modified ColumnFamily3 Name : System Type : Super Sort : Name dynamically Name : hint1 Name : hint2 Name : hint3 Name : hint4 <Column List> <Column List> <Column List> <Column List>
Write Operations • A client issues a write request to a random node in the Cassandra cluster. • The “Partitioner” determines the nodes responsible for the data. • Locally, write operations are logged and then applied to an in-memory version. • Commit log is stored on a dedicated disk local to the machine.
Write cont’d Key (CF1 , CF2 , CF3) • Data size Memtable ( CF1) • Number of Objects • Lifetime Commit Log Memtable ( CF2) Binary serialized Key ( CF1 , CF2 , CF3 ) Memtable ( CF2) Data file on disk <Key name><Size of key Data><Index of columns/supercolumns>< Serialized column family> K Offset 128 --- --- K Offset Dedicated Disk 256 BLOCK Index <Key Name> Offset, <Key Name> Offset --- K Offset 384 --- <Key name><Size of key Data><Index of columns/supercolumns>< Bloom Filter Serialized column family> (Index in memory)
Compactions K2 < Serialized data > K4 < Serialized data > K1 < Serialized data > K10 < Serialized data > K5 < Serialized data > K2 < Serialized data > K30 < Serialized data > K10 < Serialized data > K3 < Serialized data > -- -- -- Sorted Sorted Sorted -- -- D E L E T E D -- -- -- -- MERGE SORT Index File K1 < Serialized data > Loaded in memory K2 < Serialized data > K3 < Serialized data > K1 Offset K4 < Serialized data > K5 Offset Sorted K5 < Serialized data > K30 Offset K10 < Serialized data > Bloom Filter K30 < Serialized data > Data File
Write Properties • No locks in the critical path • Sequential disk access • Behaves like a write through Cache • Append support without read ahead • Atomicity guarantee for a key • “Always Writable” – accept writes during failure scenarios
Read Client Query Result Cassandra Cluster Closest replica Result Read Re ad repai re r pai if digests dig dif d fer if Replica A Digest Query Digest Response Digest Response Replica B Replica C
Partitioning And Replication 1 0 h(key1) E A N=3 C h(key2) F B D 1/2 11
Cluster Membership and Failure Detection • Gossip protocol is used for cluster membership. • Super lightweight with mathematical y provable properties. • State disseminated in O(logN) rounds where N is the number of nodes in the cluster. • Every T seconds each member increments its heartbeat counter and selects one other member to send its list to. • A member merges the list with its own list .
Accrual Failure Detector • Valuable for system management, replication, load balancing etc. • Defined as a failure detector that outputs a value, PHI, associated with each process. • Also known as Adaptive Failure detectors - designed to adapt to changing network conditions. • The value output, PHI, represents a suspicion level. • Applications set an appropriate threshold, trigger suspicions and perform appropriate actions. • In Cassandra the average time taken to detect a failure is 10-15 seconds with the PHI threshold set at 5.
Properties of the Failure Detector • If a process p is faulty, the suspicion level Φ(t) ∞as t ∞. • If a process p is faulty, there is a time after which Φ(t) is monotonic increasing. • A process p is correct Φ(t) has an ub over an infinite execution. • If process p is correct, then for any time T, Φ(t) = 0 for t >= T.
Implementation • PHI estimation is done in three phases – Inter arrival times for each member are stored in a sampling window. – Estimate the distribution of the above inter arrival times. – Gossip fol ows an exponential distribution. – The value of PHI is now computed as fol ows: • Φ(t) = -log10( P(tnow – tlast) ) where P(t) is the CDF of an exponential distribution. P(t) denotes the probability that a heartbeat wil arrive more than t units after the previous one. P(t) = ( 1 – e-tλ ) The overal mechanism is described in the figure below.
Information Flow in the Implementation
Performance Benchmark • Random and sequential writes - limited by network bandwidth. • Read performance for Inbox Search in production: Search Interactions Term Search Min 7.69 ms 7.78 ms Median 15.69 ms 18.27 ms Average 26.13 ms 44.41 ms
Lessons Learnt • Add fancy features only when absolutely required. • Many types of failures are possible. • Big systems need proper systems-level monitoring. • Value simple designs
Future work • Atomicity guarantees across multiple keys • Distributed transactions • Compression support • Granular security via ACL’s